September 23, 2025
Importing my firewall logs from My Homelab to my SIEM
After the major SonicWall breach that was announced a few days ago, I decided to implement more precautions in my homelab environment with the help of a couple of SIEMs I use daily. This post covers the complete setup, including network microsegmentation, identity verification, and continuous monitoring. I decided to route all firewall logs to my Splunk SIEM to do self-audits of logins. On top of that, I added push notifications to my mobile device so that I am always aware of my network and of any configuration changes. I personally use Graylog for my Pi server and the Splunk SIEM for my network infrastructure logging. Using a SIEM in a homelab is important to stay on top of every single change in your networking environment. I will be posting more projects on how to properly secure your home network. I personally feel home network security constantly gets overlooked, leaving all your IoT devices vulnerable. My goal is to help anybody starting off in IT learn about the importance of securing your home network, not only for yourself but for family members as well.
Security
Zero-Trust
Networking
Splunk/Graylog SIEM
3 min read
September 20, 2025
Why I Switched My Antivirus and Started Using an EDR (Endpoint Detection and Response)
For many years I relied solely on Windows Defender. Then I started doing deeper research and came to the realization that, although Windows Defender is great in home network environments, I needed something more powerful to protect my endpoints. I went with Emsisoft as my AV/EDR. Emsisoft is dual engine, which means it uses its own signature database for catching threats alongside Bitdefender's signature database. Bitdefender is a high-quality AV that is trusted by many enterprises across the globe; some will say it's #1 in the antivirus market. I implemented Emsisoft on my most important devices, such as my Windows server, a PC that hosts a couple of VMs I use daily, and my main PC for college coursework. Not only is Emsisoft Business Security a premium antivirus, it is also a very powerful EDR. For anyone new to cybersecurity: EDR (endpoint detection and response) is a program used in business settings to monitor endpoints with full observability. You are able to view logs, perform behavioral analytics, perform threat hunting by viewing an execution tree and timeline, and detect and mitigate malware using the MITRE ATT&CK framework. I will do a follow-up to this post to explain on a deeper level what the MITRE ATT&CK framework is and do some cool malware lab tests. Overall Emsisoft has been working well for me; I am able to see exactly any suspicious behavior from my devices. In time I will also be doing a blog post comparing EDRs and my favorite one to use.
Cybersecurity
Antivirus
EDR
3 min read
September 10, 2025
My new journey into hosting websites.
I never understood all the backend work it truly took to host a website, strictly because I was always learning about networking, security, cloud computing, etc., and never took the time to research how to actually host a website and tie everything to a domain. For now I am taking a simple approach to this site, and I am working on a couple of things in my free time to implement on it. A cool project is currently in the works: integrating an app on the home screen just for fun (I will talk more about this in a future post). Website hosting definitely seems easier now, with services offering to do all the work for you, even the server-side setup, for a relatively low fee. Website development can be a set-and-forget approach or very hands-on; the choice is yours! You can do everything in the cloud or on-prem. My recommendation for anyone trying to host on-prem is to make sure you fully isolate your web server from your home network and have good security measures in place: block off all unnecessary ports, isolate the network, patch/update all software running, including your OS, and lastly deploy a WAF (Web Application Firewall) along with an AV/EDR (I will be talking more about what an EDR is soon). Since web servers are public facing, they need full monitoring and extra security measures in place to secure your whole network environment. Cloud hosting is a little easier since your provider takes care of the underlying infrastructure work. I would like to dive more into this topic in the future to help college students trying to host an e-portfolio site or anyone looking into creating a website for their business. Project coming soon!
Web Development
Hosting
Servers
2 min read
September 5, 2025
Setting Up a SIEM with Splunk: Lessons from 30 Days of Log Analysis
What I learned after analyzing a month's worth of logs from my homelab infrastructure. This post covers interesting attack patterns, false positives, and how to tune your SIEM for a better signal-to-noise ratio.

My homelab, a small-scale personal IT environment, recently became my personal security playground. After a month of analyzing the logs from my Security Information and Event Management (SIEM) system, I've compiled some key findings. This post will cover common attack patterns I observed, interesting false positives, and how I've begun to tune my SIEM to improve the signal-to-noise ratio.

IoT Devices: My smart home devices and other IoT gadgets are chatty. They frequently communicate with various servers and services, generating a lot of network traffic. My SIEM initially flagged this traffic as suspicious, but after a deep dive, I realized it was normal, albeit noisy, behavior.

Enrichment: I enriched my logs with additional data. For example, when an alert is triggered from an external IP address, my SIEM now automatically queries a GeoIP database to tell me the country of origin. This extra context helps me prioritize which alerts to investigate. For instance, an attack from a known malicious country might get a higher priority than a random scan from a trusted cloud provider.

Conclusion: The Never-Ending Story: Analyzing a month's worth of logs was a fascinating and humbling experience. It showed me how persistent and automated the threats on the internet truly are. While my homelab is a small target, the principles of defense are the same as for a large enterprise. The key takeaway is that security is not a one-time setup; it's a continuous process of monitoring, analyzing, and tuning. The journey to a perfectly quiet and secure SIEM is a long one, but it's a journey worth taking.🔒
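To make the tuning and enrichment described above concrete, here is an added example (my own code, not from the original post or the author's Splunk setup) that triages constructed firewall log lines in Python: outbound traffic from a known-chatty IoT subnet is suppressed as baseline noise, external sources are enriched with a country from an offline lookup table, and each surviving event gets an investigation priority. The line format, the GeoIP table, the watchlist and the trusted-cloud range are all constructed stand-ins; a real SIEM would query a GeoIP database as the post describes.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample events in a simplified "<ts> <action> <dir> <proto> <src>:<sport> -> <dst>:<dport>"
# line format (a stand-in, not pfSense's native filterlog format).
SAMPLE_LOGS = """\
2025-09-05T10:00:01Z block in tcp 203.0.113.5:54321 -> 192.168.1.10:22
2025-09-05T10:00:02Z pass out udp 192.168.50.20:49152 -> 198.51.100.7:443
2025-09-05T10:00:03Z block in tcp 198.51.100.9:40000 -> 192.168.1.10:8080
2025-09-05T10:00:04Z block in tcp 203.0.113.77:1234 -> 192.168.1.10:3389
2025-09-05T10:00:05Z pass out tcp 192.168.10.5:50000 -> 192.0.2.44:443
""".splitlines()

LINE_RE = re.compile(r"^(\S+) (pass|block) (in|out) (\w+) (\S+):(\d+) -> (\S+):(\d+)$")
# Constructed GeoIP table keyed by CIDR; a real SIEM would query a GeoIP database instead.
GEOIP = {ipaddress.ip_network("203.0.113.0/24"): "COUNTRY_A",
         ipaddress.ip_network("198.51.100.0/24"): "COUNTRY_B",
         ipaddress.ip_network("192.0.2.0/24"): "COUNTRY_C"}
WATCHLIST_COUNTRIES = {"COUNTRY_A"}                        # constructed high-concern list
TRUSTED_CLOUD = [ipaddress.ip_network("198.51.100.0/24")]  # constructed provider range
INTERNAL_NETS = [ipaddress.ip_network("192.168.0.0/16")]   # the lab's own address space
IOT_SUBNET = ipaddress.ip_network("192.168.50.0/24")       # chatty devices; outbound is baseline noise
SENSITIVE_PORTS = {22, 3389}                               # admin services worth a closer look

def lookup_country(ip):
    return next((country for net, country in GEOIP.items() if ip in net), "UNKNOWN")

def triage(line):
    """Return (priority, context) for one log line, or None when it is tuned-out noise."""
    m = LINE_RE.match(line)
    if not m:
        return ("medium", {"reason": "unparseable line"})  # never silently drop what you cannot parse
    _ts, action, direction, _proto, src, _sport, _dst, dport = m.groups()
    src_ip, dport = ipaddress.ip_address(src), int(dport)
    if direction == "out" and action == "pass" and src_ip in IOT_SUBNET:
        return None  # suppressed: IoT chatter confirmed as normal during tuning
    if any(src_ip in net for net in INTERNAL_NETS):
        return ("low", {"reason": "internal source"})
    country = lookup_country(src_ip)
    if any(src_ip in net for net in TRUSTED_CLOUD):
        return ("low", {"country": country, "reason": "trusted cloud provider range"})
    if country in WATCHLIST_COUNTRIES and dport in SENSITIVE_PORTS:
        return ("high", {"country": country, "reason": f"watchlist country hitting port {dport}"})
    return ("medium", {"country": country, "reason": "external source"})

def summarize(lines):
    """Count surviving alerts by priority after suppression."""
    return Counter(priority for priority, _ in filter(None, map(triage, lines)))
```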
SIEM
Splunk
Security
Monitoring
2 min read
August 30, 2025
First 30 days with Oracle Cloud Infrastructure(OCI)
Creating my first OCI VCN for six compute instances that I set up just for testing purposes was a challenging experience, to say the least. When I first started playing with Oracle Cloud Infrastructure (OCI) a couple of months ago, I decided to go big, or at least, big for a beginner. Instead of just a single web server, I wanted to create a proper network for six Compute Instances, one for each of my imaginary friends (haha). I designed a whole Virtual Cloud Network (VCN) with separate subnets, thinking I was a master architect. I provisioned all six instances, all running, and I felt like a proud parent of a small digital community. The problem was, I had a mischievous streak. I wanted to see if I could "ground" one of them. I decided to make one of the instances the "bad one" of the group and block it from reaching the internet. My tool of choice? A security list.
I went into the security list for that specific subnet and added a new rule. Instead of allowing all outbound traffic, I explicitly denied all of it. I'm talking about blocking all ports, all protocols, everything. The moment I saved the change, I tried to ping a public website from that instance, and sure enough, the requests timed out. It was a hilarious moment of digital rebellion and control. I had successfully grounded my virtual troublemaker. The process taught me a critical lesson: security lists are incredibly powerful and granular. It's not just about opening doors; it's also about strategically closing them to ensure your network is secure and behaves exactly how you want it to. It was a funny little experiment that solidified my understanding of network security in OCI. Small projects like this help you gain hands-on experience. I recommend that anyone trying to get into the cloud computing world utilize free tiers; most cloud providers offer them.
Cloud
Disaster Recovery
Backup
2 min read
August 25, 2025
Building a Home Network Lab: Hardware Choices and Lessons Learned. Advice on starting your own home lab.
A complete breakdown of how my homelab came to be. These are the humble beginnings of a homelab that is slowly improving as I learn. As I progressed in my IT career, coming up on 4 years now, I came to the realization that the real learning of all the new IT trends happens after work. I understand people get discouraged by not getting opportunities in the workplace to work with the more complex systems in an enterprise environment. I was the same; I was always curious about everything, and as we know, the world of technology constantly expands. The world of IT is truly vast. Throughout my career I have had friends, family, and fellow classmates reach out to me for advice on trying to get into IT. I always tell them it is very competitive now, so you have to be willing to put the time in. Find a field in IT that draws your attention and that you feel you can excel at, then stick with it. You can be in IT support, networking, cybersecurity, DevOps, etc. I always try to inform them that IT is not a single branch but a giant umbrella filled with different career paths. I eventually started recommending that they build a home lab. What is that exactly? I was doing IT support for quite some time and wanted to dive into a new field, or at least learn a good amount of everything to see what I liked the most. I was thinking I can study and take exams well, but how exactly can I get hands-on experience to test out newly learned skills without breaking stuff at my job? BUILD A HOME LAB!

Another thing people get discouraged by is thinking you need $4,000 to start a home lab environment. I was the same way but realized that is not true; start small and scale up later if you want. First, I started using free cloud platform tiers, or their free credits, to test out the more premium features. Second, get a Raspberry Pi! A Raspberry Pi (goes for around $130) is a tiny computer that you can build so many small-scale projects on, while also gaining experience with Linux. Third, use VMware to build virtual machines to get involved in virtualization without breaking anything on your main PC (also free). Use open source software, especially for firewalls like OPNsense/pfSense (free). Another great recommendation: Sophos (a highly reputable cybersecurity company) offers a free firewall for your home network; try these out to get into network security. Buy a small form factor PC ($300-800) or use an old PC that you don't use anymore and do a full system wipe to perform all kinds of different projects; if you break something, just wipe it again and start over. Once you are comfortable with your skills you can purchase the more expensive equipment.
The hum of my homelab is a symphony I've grown to love. For months, my humble setup of a couple of VMware Workstation VMs on my main PC, all routing through a pfSense firewall on a trusty Protectli box ($390), felt like the pinnacle of home networking security. I had my internal networks segmented, VPN configured, and felt pretty awesome about my digital fortress. But then more security implementations followed as I dove deeper into home network security.
My first major upgrade was adding a dedicated network switch from Ubiquiti. This wasn't just any switch; it was managed, allowing me to create proper VLANs, segmenting my IoT devices, guest network, and sensitive lab environments into completely isolated broadcast domains. Next came a Hardware Security Module (HSM), specifically a YubiKey. Eventually I got a NAS (Network Attached Storage) to back up all my config files to. Finally, I implemented a dedicated Intrusion Detection/Prevention System (IDS/IPS), a Suricata sensor running on my Protectli firewall, mirroring traffic from my main network segment and getting its signatures constantly updated. Now, not only was my pfSense firewall blocking potential intrusions, but my IDS/IPS was actively sniffing out suspicious activity, ready to alert me via push notifications and a cool webhook I created; if anything even looked like a threat, the network packets would be dropped immediately. My little homelab wasn't just a network anymore; it was a hardened digital bunker.
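As an added example of the alerting path described above (my own code, not the author's webhook or Suricata configuration), the following Python turns constructed Suricata eve.json alert lines into push-notification payloads: it keeps only alerts at severity 2 or better and collapses repeats of the same signature from the same source within five minutes so a port scan does not flood the phone. Field names follow Suricata's EVE alert schema; every value, signature id and address is made up.

```python
import json
from datetime import datetime, timedelta

def _alert(ts, src, dport, sid, severity, action, sig):
    """Build one constructed eve.json alert line (field names follow Suricata's EVE schema)."""
    return json.dumps({"timestamp": ts, "event_type": "alert", "src_ip": src,
                       "dest_ip": "192.168.1.10", "dest_port": dport, "proto": "TCP",
                       "alert": {"action": action, "signature_id": sid, "rev": 1,
                                 "severity": severity, "signature": sig,
                                 "category": "constructed"}})

# Constructed sample: a blocked SSH signature firing twice in quick succession, a non-alert
# flow record, a low-severity allowed probe, and the SSH signature again eight minutes later.
SAMPLE_EVE_LINES = [
    _alert("2025-08-25T20:01:10.000000+0000", "203.0.113.9", 22, 9000001, 1, "blocked", "LAB SSH brute force"),
    _alert("2025-08-25T20:01:12.000000+0000", "203.0.113.9", 22, 9000001, 1, "blocked", "LAB SSH brute force"),
    json.dumps({"timestamp": "2025-08-25T20:02:00.000000+0000", "event_type": "flow",
                "src_ip": "192.168.10.5", "dest_ip": "192.0.2.44", "proto": "TCP"}),
    _alert("2025-08-25T20:03:00.000000+0000", "198.51.100.4", 80, 9000002, 3, "allowed", "LAB web probe"),
    _alert("2025-08-25T20:09:00.000000+0000", "203.0.113.9", 22, 9000001, 1, "blocked", "LAB SSH brute force"),
]

def parse_ts(ts):
    """Suricata writes ISO-8601 with microseconds and a numeric UTC offset."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%f%z")

def build_notifications(lines, max_severity=2, window=timedelta(minutes=5)):
    """Turn eve.json lines into push-notification payloads. Only alert events at or above
    the severity cutoff (1 is most severe) survive, and a repeat of the same signature from
    the same source inside `window` is collapsed into the first notification."""
    last_seen = {}
    payloads = []
    for line in lines:
        ev = json.loads(line)
        if ev.get("event_type") != "alert" or ev["alert"]["severity"] > max_severity:
            continue
        key = (ev["alert"]["signature_id"], ev["src_ip"])
        ts = parse_ts(ev["timestamp"])
        if key in last_seen and ts - last_seen[key] < window:
            continue  # same signature/source within the window: already notified
        last_seen[key] = ts
        payloads.append({
            "title": f"IDS/IPS: {ev['alert']['signature']}",
            "body": (f"{ev['src_ip']} -> {ev['dest_ip']}:{ev['dest_port']} ({ev['proto']}), "
                     f"action={ev['alert']['action']}, severity={ev['alert']['severity']}"),
            "signature_id": ev["alert"]["signature_id"],
            "dropped": ev["alert"]["action"] == "blocked",  # IPS mode dropped the packets
        })
    return payloads
```

Posting each payload to the push service is the one step left to the reader's webhook client, since it depends on which service the phone uses.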
Homelab
Hardware
Networking
5 min read